Vulnerabilities > CVE-2009-4067 - Classic Buffer Overflow vulnerability in multiple products

047910
CVSS 6.8 - MEDIUM
Attack vector
PHYSICAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
low complexity
linux
redhat
CWE-120
nessus
exploit available

Summary

Buffer overflow in the auerswald_probe function in the Auerswald Linux USB driver for the Linux kernel before 2.6.27 allows physically proximate attackers to execute arbitrary code, cause a denial of service via a crafted USB device, or take full control of the system.

Vulnerable Configurations

Part Description Count
OS
Linux
952
OS
Redhat
1

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Buffer Overflow via Environment Variables
    This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
  • Overflow Buffers
    Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
  • Client-side Injection-induced Buffer Overflow
    This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
  • Filter Failure through Buffer Overflow
    In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
  • MIME Conversion
    An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.

Exploit-Db

descriptionLinux Kernel 2.6.26 Auerswald USB Device Driver Buffer Overflow Vulnerability. CVE-2009-4067. Local exploit for linux platform
idEDB-ID:35957
last seen2016-02-04
modified2009-10-19
published2009-10-19
reporterR. Dominguez Veg
sourcehttps://www.exploit-db.com/download/35957/
titleLinux Kernel 2.6.26 - Auerswald USB Device Driver Buffer Overflow Vulnerability

Nessus

  • NASL familyOracleVM Local Security Checks
    NASL idORACLEVM_OVMSA-2013-0039.NASL
    descriptionThe remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2013-0039 for details.
    last seen2020-06-01
    modified2020-06-02
    plugin id79507
    published2014-11-26
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/79507
    titleOracleVM 2.2 : kernel (OVMSA-2013-0039)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The package checks in this plugin were extracted from OracleVM
    # Security Advisory OVMSA-2013-0039.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(79507);
      script_version("1.25");
      script_cvs_date("Date: 2020/02/13");
    
      script_cve_id("CVE-2006-6304", "CVE-2007-4567", "CVE-2009-0745", "CVE-2009-0746", "CVE-2009-0747", "CVE-2009-0748", "CVE-2009-1388", "CVE-2009-1389", "CVE-2009-1895", "CVE-2009-2406", "CVE-2009-2407", "CVE-2009-2692", "CVE-2009-2847", "CVE-2009-2848", "CVE-2009-2908", "CVE-2009-3080", "CVE-2009-3286", "CVE-2009-3547", "CVE-2009-3612", "CVE-2009-3620", "CVE-2009-3621", "CVE-2009-3726", "CVE-2009-4020", "CVE-2009-4021", "CVE-2009-4067", "CVE-2009-4138", "CVE-2009-4141", "CVE-2009-4307", "CVE-2009-4308", "CVE-2009-4536", "CVE-2009-4537", "CVE-2009-4538", "CVE-2010-0007", "CVE-2010-0415", "CVE-2010-0437", "CVE-2010-0622", "CVE-2010-0727", "CVE-2010-1083", "CVE-2010-1084", "CVE-2010-1086", "CVE-2010-1087", "CVE-2010-1088", "CVE-2010-1173", "CVE-2010-1188", "CVE-2010-1436", "CVE-2010-1437", "CVE-2010-1641", "CVE-2010-2226", "CVE-2010-2240", "CVE-2010-2248", "CVE-2010-2521", "CVE-2010-2798", "CVE-2010-2942", "CVE-2010-2963", "CVE-2010-3067", "CVE-2010-3078", "CVE-2010-3086", "CVE-2010-3296", "CVE-2010-3432", "CVE-2010-3442", "CVE-2010-3477", "CVE-2010-3858", "CVE-2010-3859", "CVE-2010-3876", "CVE-2010-3877", "CVE-2010-4073", "CVE-2010-4080", "CVE-2010-4081", "CVE-2010-4083", "CVE-2010-4157", "CVE-2010-4158", "CVE-2010-4242", "CVE-2010-4248", "CVE-2010-4249", "CVE-2010-4258", "CVE-2010-4346", "CVE-2010-4649", "CVE-2010-4655", "CVE-2011-0521", "CVE-2011-0726", "CVE-2011-1010", "CVE-2011-1020", "CVE-2011-1044", "CVE-2011-1078", "CVE-2011-1079", "CVE-2011-1080", "CVE-2011-1083", "CVE-2011-1090", "CVE-2011-1093", "CVE-2011-1160", "CVE-2011-1162", "CVE-2011-1163", "CVE-2011-1182", "CVE-2011-1573", "CVE-2011-1577", "CVE-2011-1585", "CVE-2011-1745", "CVE-2011-1746", "CVE-2011-1776", "CVE-2011-1833", "CVE-2011-2022", "CVE-2011-2203", "CVE-2011-2213", "CVE-2011-2482", "CVE-2011-2484", "CVE-2011-2491", "CVE-2011-2496", "CVE-2011-2525", "CVE-2011-3191", "CVE-2011-3637", "CVE-2011-3638", "CVE-2011-4077", "CVE-2011-4086", "CVE-2011-4110", "CVE-2011-4127", "CVE-2011-4324", "CVE-2011-4330", "CVE-2011-4348", "CVE-2012-1583", "CVE-2012-2136");
      script_bugtraq_id(35281, 35647, 35850, 35851, 35930, 36038, 36472, 36639, 36723, 36824, 36827, 36901, 36936, 37068, 37069, 37339, 37519, 37521, 37523, 37762, 37806, 38144, 38165, 38185, 38479, 38898, 39016, 39042, 39044, 39101, 39569, 39715, 39719, 39794, 40356, 40920, 42124, 42242, 42249, 42505, 42529, 43022, 43221, 43353, 43480, 43787, 43809, 44242, 44301, 44354, 44630, 44648, 44754, 44758, 45014, 45028, 45037, 45058, 45063, 45073, 45159, 45323, 45972, 45986, 46073, 46488, 46492, 46567, 46616, 46630, 46766, 46793, 46866, 46878, 47003, 47308, 47321, 47343, 47381, 47534, 47535, 47791, 47796, 47843, 48236, 48333, 48383, 48641, 48687, 49108, 49141, 49295, 49373, 50322, 50370, 50750, 50755, 50764, 50798, 51176, 51361, 51363, 51945, 53139, 53721);
    
      script_name(english:"OracleVM 2.2 : kernel (OVMSA-2013-0039)");
      script_summary(english:"Checks the RPM output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote OracleVM host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote OracleVM system is missing necessary patches to address
    critical security updates : please see Oracle VM Security Advisory
    OVMSA-2013-0039 for details."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/oraclevm-errata/2013-May/000153.html"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Linux Kernel Sendpage Local Privilege Escalation');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
      script_cwe_id(16, 20, 119, 189, 200, 264, 362, 399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:kernel-PAE");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:kernel-PAE-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:kernel-ovs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:kernel-ovs-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:vm_server:2.2");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2006/12/14");
      script_set_attribute(attribute:"patch_publication_date", value:"2013/05/23");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/11/26");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"OracleVM Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleVM/release", "Host/OracleVM/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/OracleVM/release");
    if (isnull(release) || "OVS" >!< release) audit(AUDIT_OS_NOT, "OracleVM");
    if (! preg(pattern:"^OVS" + "2\.2" + "(\.[0-9]|$)", string:release)) audit(AUDIT_OS_NOT, "OracleVM 2.2", "OracleVM " + release);
    if (!get_kb_item("Host/OracleVM/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "OracleVM", cpu);
    
    flag = 0;
    if (rpm_check(release:"OVS2.2", reference:"kernel-2.6.18-128.2.1.5.10.el5")) flag++;
    if (rpm_check(release:"OVS2.2", reference:"kernel-PAE-2.6.18-128.2.1.5.10.el5")) flag++;
    if (rpm_check(release:"OVS2.2", reference:"kernel-PAE-devel-2.6.18-128.2.1.5.10.el5")) flag++;
    if (rpm_check(release:"OVS2.2", reference:"kernel-devel-2.6.18-128.2.1.5.10.el5")) flag++;
    if (rpm_check(release:"OVS2.2", reference:"kernel-ovs-2.6.18-128.2.1.5.10.el5")) flag++;
    if (rpm_check(release:"OVS2.2", reference:"kernel-ovs-devel-2.6.18-128.2.1.5.10.el5")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-PAE / kernel-PAE-devel / kernel-devel / kernel-ovs / etc");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_KERNEL-7812.NASL
    descriptionThis Linux kernel update fixes various security issues and bugs in the SUSE Linux Enterprise 10 SP4 kernel. The following security issues have been fixed : - A USB string descriptor overflow in the auerwald USB driver was fixed, which could be used by physically proximate attackers to cause a kernel crash. (CVE-2009-4067) - Always check the path in CIFS mounts to avoid interesting filesystem path interaction issues and potential crashes. (CVE-2011-3363) - A malicious CIFS server could cause a integer overflow on the local machine on directory index operations, in turn causing memory corruption. (CVE-2011-3191) - The is_gpt_valid function in fs/partitions/efi.c in the Linux kernel did not check the size of an Extensible Firmware Interface (EFI) GUID Partition Table (GPT) entry, which allowed physically proximate attackers to cause a denial of service (heap-based buffer overflow and OOPS) or obtain sensitive information from kernel heap memory by connecting a crafted GPT storage device, a different vulnerability than CVE-2011-1577. (CVE-2011-1776) The following non-security issues have been fixed : - md: fix deadlock in md/raid1 and md/raid10 when handling a read error. (bnc#628343) - md: fix possible raid1/raid10 deadlock on read error during resync. (bnc#628343) - Add timeo parameter to /proc/mounts for nfs filesystems. (bnc#616256) - virtio: indirect ring entries (VIRTIO_RING_F_INDIRECT_DESC). (bnc#713876) - virtio: teach virtio_has_feature() about transport features. (bnc#713876) - nf_nat: do not add NAT extension for confirmed conntracks. (bnc#709213) - 8250: Oxford Semiconductor Devices. (bnc#717126) - 8250_pci: Add support for the Digi/IBM PCIe 2-port Adapter. (bnc#717126) - 8250: Fix capabilities when changing the port type. (bnc#717126) - 8250: Add EEH support. (bnc#717126) - xfs: fix memory reclaim recursion deadlock on locked inode buffer. (bnc#699355 / bnc#699354 / bnc#721830) - ipmi: do not grab locks in run-to-completion mode. (bnc#717421) - cifs: add fallback in is_path_accessible for old servers. (bnc#718028) - cciss: do not attempt to read from a write-only register. (bnc#683101) - s390: kernel: System hang if hangcheck timer expires (bnc#712009,LTC#74157). - s390: kernel: NSS creation with initrd fails (bnc#712009,LTC#74207). - s390: kernel: remove code to handle topology interrupts (bnc#712009,LTC#74440). - xen: Added 1083-kbdfront-absolute-coordinates.patch. (bnc#717585) - acpi: Use a spinlock instead of mutex to guard gbl_lock access. (bnc#707439) - Allow balance_dirty_pages to help other filesystems. (bnc#709369) - nfs: fix congestion control. (bnc#709369) - NFS: Separate metadata and page cache revalidation mechanisms. (bnc#709369) - jbd: Fix oops in journal_remove_journal_head(). (bnc#694315) - xen/blkfront: avoid NULL de-reference in CDROM ioctl handling. (bnc#701355) - xen/x86: replace order-based range checking of M2P table by linear one. - xen/x86: use dynamically adjusted upper bound for contiguous regions. (bnc#635880) - Fix type in patches.fixes/libiscsi-dont-run-scsi-eh-if-iscsi-task-is -making-progress. - s390: cio: Add timeouts for internal IO (bnc#701550,LTC#72691). - s390: kernel: first time swap use results in heavy swapping (bnc#701550,LTC#73132). - s390: qeth: wrong number of output queues for HiperSockets (bnc#701550,LTC#73814).
    last seen2020-06-01
    modified2020-06-02
    plugin id57214
    published2011-12-13
    reporterThis script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/57214
    titleSuSE 10 Security Update : Linux kernel (ZYPP Patch Number 7812)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The text description of this plugin is (C) Novell, Inc.
    #
    
    if (NASL_LEVEL < 3000) exit(0);
    
    include("compat.inc");
    
    if (description)
    {
      script_id(57214);
      script_version ("1.5");
      script_cvs_date("Date: 2019/10/25 13:36:43");
    
      script_cve_id("CVE-2009-4067", "CVE-2011-1577", "CVE-2011-1776", "CVE-2011-3191", "CVE-2011-3363");
    
      script_name(english:"SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 7812)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SuSE 10 host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This Linux kernel update fixes various security issues and bugs in the
    SUSE Linux Enterprise 10 SP4 kernel.
    
    The following security issues have been fixed :
    
      - A USB string descriptor overflow in the auerwald USB
        driver was fixed, which could be used by physically
        proximate attackers to cause a kernel crash.
        (CVE-2009-4067)
    
      - Always check the path in CIFS mounts to avoid
        interesting filesystem path interaction issues and
        potential crashes. (CVE-2011-3363)
    
      - A malicious CIFS server could cause a integer overflow
        on the local machine on directory index operations, in
        turn causing memory corruption. (CVE-2011-3191)
    
      - The is_gpt_valid function in fs/partitions/efi.c in the
        Linux kernel did not check the size of an Extensible
        Firmware Interface (EFI) GUID Partition Table (GPT)
        entry, which allowed physically proximate attackers to
        cause a denial of service (heap-based buffer overflow
        and OOPS) or obtain sensitive information from kernel
        heap memory by connecting a crafted GPT storage device,
        a different vulnerability than CVE-2011-1577.
        (CVE-2011-1776)
    
    The following non-security issues have been fixed :
    
      - md: fix deadlock in md/raid1 and md/raid10 when handling
        a read error. (bnc#628343)
    
      - md: fix possible raid1/raid10 deadlock on read error
        during resync. (bnc#628343)
    
      - Add timeo parameter to /proc/mounts for nfs filesystems.
        (bnc#616256)
    
      - virtio: indirect ring entries
        (VIRTIO_RING_F_INDIRECT_DESC). (bnc#713876)
    
      - virtio: teach virtio_has_feature() about transport
        features. (bnc#713876)
    
      - nf_nat: do not add NAT extension for confirmed
        conntracks. (bnc#709213)
    
      - 8250: Oxford Semiconductor Devices. (bnc#717126)
    
      - 8250_pci: Add support for the Digi/IBM PCIe 2-port
        Adapter. (bnc#717126)
    
      - 8250: Fix capabilities when changing the port type.
        (bnc#717126)
    
      - 8250: Add EEH support. (bnc#717126)
    
      - xfs: fix memory reclaim recursion deadlock on locked
        inode buffer. (bnc#699355 / bnc#699354 / bnc#721830)
    
      - ipmi: do not grab locks in run-to-completion mode.
        (bnc#717421)
    
      - cifs: add fallback in is_path_accessible for old
        servers. (bnc#718028)
    
      - cciss: do not attempt to read from a write-only
        register. (bnc#683101)
    
      - s390: kernel: System hang if hangcheck timer expires
        (bnc#712009,LTC#74157).
    
      - s390: kernel: NSS creation with initrd fails
        (bnc#712009,LTC#74207).
    
      - s390: kernel: remove code to handle topology interrupts
        (bnc#712009,LTC#74440).
    
      - xen: Added 1083-kbdfront-absolute-coordinates.patch.
        (bnc#717585)
    
      - acpi: Use a spinlock instead of mutex to guard gbl_lock
        access. (bnc#707439)
    
      - Allow balance_dirty_pages to help other filesystems.
        (bnc#709369)
    
      - nfs: fix congestion control. (bnc#709369)
    
      - NFS: Separate metadata and page cache revalidation
        mechanisms. (bnc#709369)
    
      - jbd: Fix oops in journal_remove_journal_head().
        (bnc#694315)
    
      - xen/blkfront: avoid NULL de-reference in CDROM ioctl
        handling. (bnc#701355)
    
      - xen/x86: replace order-based range checking of M2P table
        by linear one.
    
      - xen/x86: use dynamically adjusted upper bound for
        contiguous regions. (bnc#635880)
    
      - Fix type in
        patches.fixes/libiscsi-dont-run-scsi-eh-if-iscsi-task-is
        -making-progress.
    
      - s390: cio: Add timeouts for internal IO
        (bnc#701550,LTC#72691).
    
      - s390: kernel: first time swap use results in heavy
        swapping (bnc#701550,LTC#73132).
    
      - s390: qeth: wrong number of output queues for
        HiperSockets (bnc#701550,LTC#73814)."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2009-4067.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2011-1577.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2011-1776.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2011-3191.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2011-3363.html"
      );
      script_set_attribute(attribute:"solution", value:"Apply ZYPP patch number 7812.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2011/10/21");
      script_set_attribute(attribute:"plugin_publication_date", value:"2011/12/13");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled.");
    if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE.");
    if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages.");
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) exit(1, "Failed to determine the architecture type.");
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 10 on the '"+cpu+"' architecture have not been implemented.");
    
    
    flag = 0;
    if (rpm_check(release:"SLED10", sp:4, cpu:"i586", reference:"kernel-bigsmp-2.6.16.60-0.91.1")) flag++;
    if (rpm_check(release:"SLED10", sp:4, cpu:"i586", reference:"kernel-default-2.6.16.60-0.91.1")) flag++;
    if (rpm_check(release:"SLED10", sp:4, cpu:"i586", reference:"kernel-smp-2.6.16.60-0.91.1")) flag++;
    if (rpm_check(release:"SLED10", sp:4, cpu:"i586", reference:"kernel-source-2.6.16.60-0.91.1")) flag++;
    if (rpm_check(release:"SLED10", sp:4, cpu:"i586", reference:"kernel-syms-2.6.16.60-0.91.1")) flag++;
    if (rpm_check(release:"SLED10", sp:4, cpu:"i586", reference:"kernel-xen-2.6.16.60-0.91.1")) flag++;
    if (rpm_check(release:"SLED10", sp:4, cpu:"i586", reference:"kernel-xenpae-2.6.16.60-0.91.1")) flag++;
    if (rpm_check(release:"SLES10", sp:4, cpu:"i586", reference:"kernel-bigsmp-2.6.16.60-0.91.1")) flag++;
    if (rpm_check(release:"SLES10", sp:4, cpu:"i586", reference:"kernel-debug-2.6.16.60-0.91.1")) flag++;
    if (rpm_check(release:"SLES10", sp:4, cpu:"i586", reference:"kernel-default-2.6.16.60-0.91.1")) flag++;
    if (rpm_check(release:"SLES10", sp:4, cpu:"i586", reference:"kernel-kdump-2.6.16.60-0.91.1")) flag++;
    if (rpm_check(release:"SLES10", sp:4, cpu:"i586", reference:"kernel-kdumppae-2.6.16.60-0.91.1")) flag++;
    if (rpm_check(release:"SLES10", sp:4, cpu:"i586", reference:"kernel-smp-2.6.16.60-0.91.1")) flag++;
    if (rpm_check(release:"SLES10", sp:4, cpu:"i586", reference:"kernel-source-2.6.16.60-0.91.1")) flag++;
    if (rpm_check(release:"SLES10", sp:4, cpu:"i586", reference:"kernel-syms-2.6.16.60-0.91.1")) flag++;
    if (rpm_check(release:"SLES10", sp:4, cpu:"i586", reference:"kernel-vmi-2.6.16.60-0.91.1")) flag++;
    if (rpm_check(release:"SLES10", sp:4, cpu:"i586", reference:"kernel-vmipae-2.6.16.60-0.91.1")) flag++;
    if (rpm_check(release:"SLES10", sp:4, cpu:"i586", reference:"kernel-xen-2.6.16.60-0.91.1")) flag++;
    if (rpm_check(release:"SLES10", sp:4, cpu:"i586", reference:"kernel-xenpae-2.6.16.60-0.91.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else exit(0, "The host is not affected.");
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2011-1408.NASL
    descriptionAn updated rhev-hypervisor package that fixes several security issues is now available. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The rhev-hypervisor package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. The RHBA-2011:1254 update introduced a regression in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id79280
    published2014-11-17
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/79280
    titleRHEL 5 : rhev-hypervisor (RHSA-2011:1408)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_KERNEL-7811.NASL
    descriptionThis Linux kernel update fixes various security issues and bugs in the SUSE Linux Enterprise 10 SP4 kernel. The following security issues have been fixed : - A USB string descriptor overflow in the auerwald USB driver was fixed, which could be used by physically proximate attackers to cause a kernel crash. (CVE-2009-4067) - Always check the path in CIFS mounts to avoid interesting filesystem path interaction issues and potential crashes. (CVE-2011-3363) - A malicious CIFS server could cause a integer overflow on the local machine on directory index operations, in turn causing memory corruption. (CVE-2011-3191) - The is_gpt_valid function in fs/partitions/efi.c in the Linux kernel did not check the size of an Extensible Firmware Interface (EFI) GUID Partition Table (GPT) entry, which allowed physically proximate attackers to cause a denial of service (heap-based buffer overflow and OOPS) or obtain sensitive information from kernel heap memory by connecting a crafted GPT storage device, a different vulnerability than CVE-2011-1577. (CVE-2011-1776) The following non-security issues have been fixed : - md: fix deadlock in md/raid1 and md/raid10 when handling a read error. (bnc#628343) - md: fix possible raid1/raid10 deadlock on read error during resync. (bnc#628343) - Add timeo parameter to /proc/mounts for nfs filesystems. (bnc#616256) - virtio: indirect ring entries (VIRTIO_RING_F_INDIRECT_DESC). (bnc#713876) - virtio: teach virtio_has_feature() about transport features. (bnc#713876) - nf_nat: do not add NAT extension for confirmed conntracks. (bnc#709213) - 8250: Oxford Semiconductor Devices. (bnc#717126) - 8250_pci: Add support for the Digi/IBM PCIe 2-port Adapter. (bnc#717126) - 8250: Fix capabilities when changing the port type. (bnc#717126) - 8250: Add EEH support. (bnc#717126) - xfs: fix memory reclaim recursion deadlock on locked inode buffer. (bnc#699355 / bnc#699354 / bnc#721830) - ipmi: do not grab locks in run-to-completion mode. (bnc#717421) - cifs: add fallback in is_path_accessible for old servers. (bnc#718028) - cciss: do not attempt to read from a write-only register. (bnc#683101) - s390: kernel: System hang if hangcheck timer expires (bnc#712009,LTC#74157). - s390: kernel: NSS creation with initrd fails (bnc#712009,LTC#74207). - s390: kernel: remove code to handle topology interrupts (bnc#712009,LTC#74440). - xen: Added 1083-kbdfront-absolute-coordinates.patch. (bnc#717585) - acpi: Use a spinlock instead of mutex to guard gbl_lock access. (bnc#707439) - Allow balance_dirty_pages to help other filesystems. (bnc#709369) - nfs: fix congestion control. (bnc#709369) - NFS: Separate metadata and page cache revalidation mechanisms. (bnc#709369) - jbd: Fix oops in journal_remove_journal_head(). (bnc#694315) - xen/blkfront: avoid NULL de-reference in CDROM ioctl handling. (bnc#701355) - xen/x86: replace order-based range checking of M2P table by linear one. - xen/x86: use dynamically adjusted upper bound for contiguous regions. (bnc#635880) - Fix type in patches.fixes/libiscsi-dont-run-scsi-eh-if-iscsi-task-is -making-progress. - s390: cio: Add timeouts for internal IO (bnc#701550,LTC#72691). - s390: kernel: first time swap use results in heavy swapping (bnc#701550,LTC#73132). - s390: qeth: wrong number of output queues for HiperSockets (bnc#701550,LTC#73814).
    last seen2020-06-01
    modified2020-06-02
    plugin id59160
    published2012-05-17
    reporterThis script is Copyright (C) 2012-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/59160
    titleSuSE 10 Security Update : Linux kernel (ZYPP Patch Number 7811)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-2310.NASL
    descriptionSeveral vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leak. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2009-4067 Rafael Dominguez Vega of MWR InfoSecurity reported an issue in the auerswald module, a driver for Auerswald PBX/System Telephone USB devices. Attackers with physical access to a system
    last seen2020-03-17
    modified2011-09-26
    plugin id56285
    published2011-09-26
    reporterThis script is Copyright (C) 2011-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/56285
    titleDebian DSA-2310-1 : linux-2.6 - privilege escalation/denial of service/information leak
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2011-1386.NASL
    descriptionFrom Red Hat Security Advisory 2011:1386 : Updated kernel packages that fix multiple security issues, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security fixes : * The maximum file offset handling for ext4 file systems could allow a local, unprivileged user to cause a denial of service. (CVE-2011-2695, Important) * IPv6 fragment identification value generation could allow a remote attacker to disrupt a target system
    last seen2020-06-01
    modified2020-06-02
    plugin id68375
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/68375
    titleOracle Linux 5 : kernel (ELSA-2011-1386)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1236-1.NASL
    descriptionIt was discovered that the Auerswald usb driver incorrectly handled lengths of the USB string descriptors. A local attacker with physical access could insert a specially crafted USB device and gain root privileges. (CVE-2009-4067) It was discovered that the Stream Control Transmission Protocol (SCTP) implementation incorrectly calculated lengths. If the net.sctp.addip_enable variable was turned on, a remote attacker could send specially crafted traffic to crash the system. (CVE-2011-1573) Vasiliy Kulikov discovered that taskstats did not enforce access restrictions. A local attacker could exploit this to read certain information, leading to a loss of privacy. (CVE-2011-2494) Vasiliy Kulikov discovered that /proc/PID/io did not enforce access restrictions. A local attacker could exploit this to read certain information, leading to a loss of privacy. (CVE-2011-2495) Dan Kaminsky discovered that the kernel incorrectly handled random sequence number generation. An attacker could use this flaw to possibly predict sequence numbers and inject packets. (CVE-2011-3188). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id56583
    published2011-10-21
    reporterUbuntu Security Notice (C) 2011-2020 Canonical, Inc. / NASL script (C) 2011-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/56583
    titleUbuntu 8.04 LTS : linux vulnerabilities (USN-1236-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2013-1832-1.NASL
    descriptionThe SUSE Linux Enterprise Server 10 SP3 LTSS kernel received a roll up update to fix lots of moderate security issues and several bugs. The Following security issues have been fixed : CVE-2012-4530: The load_script function in fs/binfmt_script.c in the Linux kernel did not properly handle recursion, which allowed local users to obtain sensitive information from kernel stack memory via a crafted application. CVE-2011-2494: kernel/taskstats.c in the Linux kernel allowed local users to obtain sensitive I/O statistics by sending taskstats commands to a netlink socket, as demonstrated by discovering the length of another users password. CVE-2013-2234: The (1) key_notify_sa_flush and (2) key_notify_policy_flush functions in net/key/af_key.c in the Linux kernel did not initialize certain structure members, which allowed local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notify interface of an IPSec key_socket. CVE-2013-2237: The key_notify_policy_flush function in net/key/af_key.c in the Linux kernel did not initialize a certain structure member, which allowed local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notify_policy interface of an IPSec key_socket. CVE-2013-2147: The HP Smart Array controller disk-array driver and Compaq SMART2 controller disk-array driver in the Linux kernel did not initialize certain data structures, which allowed local users to obtain sensitive information from kernel memory via (1) a crafted IDAGETPCIINFO command for a /dev/ida device, related to the ida_locked_ioctl function in drivers/block/cpqarray.c or (2) a crafted CCISS_PASSTHRU32 command for a /dev/cciss device, related to the cciss_ioctl32_passthru function in drivers/block/cciss.c. CVE-2013-2141: The do_tkill function in kernel/signal.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel memory via a crafted application that makes a (1) tkill or (2) tgkill system call. CVE-2013-0160: The Linux kernel allowed local users to obtain sensitive information about keystroke timing by using the inotify API on the /dev/ptmx device. CVE-2012-6537: net/xfrm/xfrm_user.c in the Linux kernel did not initialize certain structures, which allowed local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability. CVE-2013-3222: The vcc_recvmsg function in net/atm/common.c in the Linux kernel did not initialize a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. CVE-2013-3223: The ax25_recvmsg function in net/ax25/af_ax25.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. CVE-2013-3224: The bt_sock_recvmsg function in net/bluetooth/af_bluetooth.c in the Linux kernel did not properly initialize a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. CVE-2013-3228: The irda_recvmsg_dgram function in net/irda/af_irda.c in the Linux kernel did not initialize a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. CVE-2013-3229: The iucv_sock_recvmsg function in net/iucv/af_iucv.c in the Linux kernel did not initialize a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. CVE-2013-3231: The llc_ui_recvmsg function in net/llc/af_llc.c in the Linux kernel did not initialize a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. CVE-2013-3232: The nr_recvmsg function in net/netrom/af_netrom.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. CVE-2013-3234: The rose_recvmsg function in net/rose/af_rose.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. CVE-2013-3235: net/tipc/socket.c in the Linux kernel did not initialize a certain data structure and a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. CVE-2013-1827: net/dccp/ccid.h in the Linux kernel allowed local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) by leveraging the CAP_NET_ADMIN capability for a certain (1) sender or (2) receiver getsockopt call. CVE-2012-6549: The isofs_export_encode_fh function in fs/isofs/export.c in the Linux kernel did not initialize a certain structure member, which allowed local users to obtain sensitive information from kernel heap memory via a crafted application. CVE-2012-6547: The __tun_chr_ioctl function in drivers/net/tun.c in the Linux kernel did not initialize a certain structure, which allowed local users to obtain sensitive information from kernel stack memory via a crafted application. CVE-2012-6546: The ATM implementation in the Linux kernel did not initialize certain structures, which allowed local users to obtain sensitive information from kernel stack memory via a crafted application. CVE-2012-6544: The Bluetooth protocol stack in the Linux kernel did not properly initialize certain structures, which allowed local users to obtain sensitive information from kernel stack memory via a crafted application that targets the (1) L2CAP or (2) HCI implementation. CVE-2012-6545: The Bluetooth RFCOMM implementation in the Linux kernel did not properly initialize certain structures, which allowed local users to obtain sensitive information from kernel memory via a crafted application. CVE-2012-6542: The llc_ui_getname function in net/llc/af_llc.c in the Linux kernel had an incorrect return value in certain circumstances, which allowed local users to obtain sensitive information from kernel stack memory via a crafted application that leverages an uninitialized pointer argument. CVE-2012-6541: The ccid3_hc_tx_getsockopt function in net/dccp/ccids/ccid3.c in the Linux kernel did not initialize a certain structure, which allowed local users to obtain sensitive information from kernel stack memory via a crafted application. CVE-2012-6540: The do_ip_vs_get_ctl function in net/netfilter/ipvs/ip_vs_ctl.c in the Linux kernel did not initialize a certain structure for IP_VS_SO_GET_TIMEOUT commands, which allowed local users to obtain sensitive information from kernel stack memory via a crafted application. CVE-2013-0914: The flush_signal_handlers function in kernel/signal.c in the Linux kernel preserved the value of the sa_restorer field across an exec operation, which made it easier for local users to bypass the ASLR protection mechanism via a crafted application containing a sigaction system call. CVE-2011-2492: The bluetooth subsystem in the Linux kernel did not properly initialize certain data structures, which allowed local users to obtain potentially sensitive information from kernel memory via a crafted getsockopt system call, related to (1) the l2cap_sock_getsockopt_old function in net/bluetooth/l2cap_sock.c and (2) the rfcomm_sock_getsockopt_old function in net/bluetooth/rfcomm/sock.c. CVE-2013-2206: The sctp_sf_do_5_2_4_dupcook function in net/sctp/sm_statefuns.c in the SCTP implementation in the Linux kernel did not properly handle associations during the processing of a duplicate COOKIE ECHO chunk, which allowed remote attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via crafted SCTP traffic. CVE-2012-6539: The dev_ifconf function in net/socket.c in the Linux kernel did not initialize a certain structure, which allowed local users to obtain sensitive information from kernel stack memory via a crafted application. CVE-2013-2232: The ip6_sk_dst_check function in net/ipv6/ip6_output.c in the Linux kernel allowed local users to cause a denial of service (system crash) by using an AF_INET6 socket for a connection to an IPv4 interface. CVE-2013-2164: The mmc_ioctl_cdrom_read_data function in drivers/cdrom/cdrom.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory via a read operation on a malfunctioning CD-ROM drive. CVE-2012-4444: The ip6_frag_queue function in net/ipv6/reassembly.c in the Linux kernel allowed remote attackers to bypass intended network restrictions via overlapping IPv6 fragments. CVE-2013-1928: The do_video_set_spu_palette function in fs/compat_ioctl.c in the Linux kernel on unspecified architectures lacked a certain error check, which might have allowed local users to obtain sensitive information from kernel stack memory via a crafted VIDEO_SET_SPU_PALETTE ioctl call on a /dev/dvb device. CVE-2013-0871: Race condition in the ptrace functionality in the Linux kernel allowed local users to gain privileges via a PTRACE_SETREGS ptrace system call in a crafted application, as demonstrated by ptrace_death. CVE-2013-0268: The msr_open function in arch/x86/kernel/msr.c in the Linux kernel allowed local users to bypass intended capability restrictions by executing a crafted application as root, as demonstrated by msr32.c. CVE-2012-3510: Use-after-free vulnerability in the xacct_add_tsk function in kernel/tsacct.c in the Linux kernel allowed local users to obtain potentially sensitive information from kernel memory or cause a denial of service (system crash) via a taskstats TASKSTATS_CMD_ATTR_PID command. CVE-2011-4110: The user_update function in security/keys/user_defined.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and kernel oops) via vectors related to a user-defined key and
    last seen2020-06-05
    modified2015-05-20
    plugin id83603
    published2015-05-20
    reporterThis script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/83603
    titleSUSE SLES10 Security Update : kernel (SUSE-SU-2013:1832-1)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20111020_KERNEL_ON_SL5_X.NASL
    descriptionThe kernel packages contain the Linux kernel, the core of any Linux operating system. Security fixes : - The maximum file offset handling for ext4 file systems could allow a local, unprivileged user to cause a denial of service. (CVE-2011-2695, Important) - IPv6 fragment identification value generation could allow a remote attacker to disrupt a target system
    last seen2020-06-01
    modified2020-06-02
    plugin id61162
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/61162
    titleScientific Linux Security Update : kernel on SL5.x i386/x86_64
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2011-1386.NASL
    descriptionUpdated kernel packages that fix multiple security issues, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security fixes : * The maximum file offset handling for ext4 file systems could allow a local, unprivileged user to cause a denial of service. (CVE-2011-2695, Important) * IPv6 fragment identification value generation could allow a remote attacker to disrupt a target system
    last seen2020-06-01
    modified2020-06-02
    plugin id56569
    published2011-10-21
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/56569
    titleCentOS 5 : kernel (CESA-2011:1386)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2011-1386.NASL
    descriptionUpdated kernel packages that fix multiple security issues, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security fixes : * The maximum file offset handling for ext4 file systems could allow a local, unprivileged user to cause a denial of service. (CVE-2011-2695, Important) * IPv6 fragment identification value generation could allow a remote attacker to disrupt a target system
    last seen2020-06-01
    modified2020-06-02
    plugin id56577
    published2011-10-21
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/56577
    titleRHEL 5 : kernel (RHSA-2011:1386)

Redhat

rpms
  • kernel-0:2.6.18-274.7.1.el5
  • kernel-PAE-0:2.6.18-274.7.1.el5
  • kernel-PAE-debuginfo-0:2.6.18-274.7.1.el5
  • kernel-PAE-devel-0:2.6.18-274.7.1.el5
  • kernel-debug-0:2.6.18-274.7.1.el5
  • kernel-debug-debuginfo-0:2.6.18-274.7.1.el5
  • kernel-debug-devel-0:2.6.18-274.7.1.el5
  • kernel-debuginfo-0:2.6.18-274.7.1.el5
  • kernel-debuginfo-common-0:2.6.18-274.7.1.el5
  • kernel-devel-0:2.6.18-274.7.1.el5
  • kernel-doc-0:2.6.18-274.7.1.el5
  • kernel-headers-0:2.6.18-274.7.1.el5
  • kernel-kdump-0:2.6.18-274.7.1.el5
  • kernel-kdump-debuginfo-0:2.6.18-274.7.1.el5
  • kernel-kdump-devel-0:2.6.18-274.7.1.el5
  • kernel-xen-0:2.6.18-274.7.1.el5
  • kernel-xen-debuginfo-0:2.6.18-274.7.1.el5
  • kernel-xen-devel-0:2.6.18-274.7.1.el5

Seebug

bulletinFamilyexploit
descriptionBUGTRAQ ID: 48687 CVE ID: CVE-2009-4067 Linux Kernel是Linux操作系统的内核。 Linux Kernel的Auerswald USB设备驱动程序在实现上存在缓冲区溢出漏洞,远程攻击者可利用此漏洞以超级用户权限执行任意代码,从而完全控制受影响计算机。 Linux Kernel的Auerswald PBX/System Telephone USB驱动程序的实现中存在缓冲区溢出漏洞。 Linux kernel 2.6.26 厂商补丁: Linux ----- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://www.kernel.org/
idSSV:20956
last seen2017-11-19
modified2011-09-29
published2011-09-29
reporterRoot
titleLinux Kernel Auerswald USB设备驱动程序缓冲区溢出漏洞